Summary

HP Data Protector contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the system. If successful, the attacker could execute arbitrary code on the system.

HP has confirmed this vulnerability and released updated software.

Indicators of Compromise

HP Data Protector versions 6.20 and 7.0 are vulnerable.

Technical Information

The vulnerability resides in the dpnepolicyservice component of the affected software, which exposes the DPNECentral web service on port 80. The service's LogCopyOperation method performs insufficient sanitization of user-supplied input.

An unauthenticated, remote attacker could exploit this vulnerability by sending malicious requests that contain crafted values in the copyStatus field to the targeted system. Processing such requests could cause the affected application to copy the user-supplied input into an insufficiently sized buffer, resulting in memory corruption. The attacker could leverage the memory corruption to execute arbitrary code on the system.

Analysis

To exploit this vulnerability, the attacker would need access to trusted, internal networks. This access restriction reduces the possibility of a successful exploit attempt.

Systems running on Microsoft Windows platforms are vulnerable. Because users on a typical Windows system hold administrative privileges, successful exploitation could result in a complete system compromise.

This vulnerability has been documented in Alert 24426.

Safeguards

Administrators are advised to apply the appropriate updates.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
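
The following Python example, added here and not taken from the advisory or from HP's software, reviews captured HTTP requests to the DPNECentral service and flags LogCopyOperation calls that originate outside a trusted range or carry a suspicious copyStatus value. The trusted subnet, the 256-character limit, the XML layout of the request body and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the advisory): trusted range, length limit and the XML
# shape of the request body are illustrative and must be tuned per site.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed admin subnet
MAX_COPYSTATUS_LEN = 256                                # assumed upper bound
SERVICE_PORT = 80                                       # DPNECentral port per the advisory

# Match a copyStatus element regardless of namespace prefix or attributes.
COPYSTATUS_RE = re.compile(
    r"<(?:[\w.-]+:)?copyStatus\b[^>]*>(.*?)</(?:[\w.-]+:)?copyStatus\s*>",
    re.IGNORECASE | re.DOTALL,
)

def is_trusted(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETS)

def review_request(src_ip, dst_port, body):
    """Return a list of findings for one captured HTTP request."""
    findings = []
    if dst_port != SERVICE_PORT or "LogCopyOperation" not in body:
        return findings  # not a call to the affected method
    if not is_trusted(src_ip):
        findings.append("untrusted-source")
    values = COPYSTATUS_RE.findall(body)
    if not values:
        findings.append("copyStatus-missing-or-malformed")
    for value in values:
        if len(value) > MAX_COPYSTATUS_LEN:
            findings.append(f"copyStatus-oversized:{len(value)}")
        if any((ord(ch) < 0x20 and ch not in "\t\r\n") or ord(ch) > 0x7E for ch in value):
            findings.append("copyStatus-non-printable-or-non-ascii")
    return findings

# Constructed sample requests: (source IP, destination port, request body).
SAMPLES = [
    ("10.20.0.15", 80, "<LogCopyOperation><copyStatus>OK</copyStatus></LogCopyOperation>"),
    ("192.0.2.44", 80, "<LogCopyOperation><copyStatus>" + "A" * 4096 + "</copyStatus></LogCopyOperation>"),
    ("10.20.0.15", 80, "<OtherOperation/>"),
]

if __name__ == "__main__":
    for src, port, body in SAMPLES:
        print(src, review_request(src, port, body))
```

A finding of untrusted-source indicates that the IP-based ACL is either absent or not being enforced in front of the service.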

Affected Products

The security vulnerability applies to the following combinations of products.

Primary Products

HP Data Protector: 6.20 (Base) | 7 (.00)

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

FIXED SOFTWARE INFORMATION AND LINKS PROVIDED BY SUPPLIERS AND VENDORS ARE FOR REFERENCE ONLY. USERS SHOULD CONTACT THEIR SUPPLIER OR VENDOR FOR UPDATED SOFTWARE.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products